[7.900][BUG][OPEN] Network Security Statistics Today V8

All-

I am not seeing any network security statistics being displayed, nor are the histograms available under reporting. In the reporting settings I have IPS and Packet Filter selected. When I loaded V8 I used my config file from ver 7.504 and the stats were working there. Live log is displaying the dropped packets when accessed so this tells me logging is going on.

Thanks,
Jim
  • Cstich,

    Today I did a reset of Astaro and after doing a full manual config I had to turn off the web proxy. I noticed the following in the configuration daemon log:

    2010:04:18-16:45:50 OASIS confd[7531]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:46:30 OASIS confd[7531]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" attr_status="0" oldattr_status="1"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" version="9" storage="/cfg"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->profiles" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->exceptions" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:52:44 OASIS confd[7701]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="new"

    The permission denied looked odd.....
    I did not see it again once the HTTP proxy was enabled:

    2010:04:18-16:45:50 OASIS confd[7531]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:46:30 OASIS confd[7531]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" attr_status="0" oldattr_status="1"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" version="9" storage="/cfg"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->profiles" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->exceptions" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:52:44 OASIS confd[7701]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:54:01 OASIS confd[7701]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" pid="7701" attr_status="1" oldattr_status="0"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::cleanup_changelog:688() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 7 from changelog"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" pid="7701" version="10" storage="/cfg"
    2010:04:18-16:59:36 OASIS confd[7893]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="GLlikipinpNcrXZSDqlK" facility="webadmin" client="index.plx" call="new"

    I have over 100 sites added in the block URLs list. All advertising sites in addition to categories blocked.

    Thanks,
    Jim
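
As an added example (not part of the original post and not Astaro code), the sketch below parses confd lines in the `key="value"` layout shown above and pairs each PERM_DENIED warning with the most recent "object changed" event, so the timing relative to the proxy status change is visible. The log lines are copied from the post and trimmed to the fields used; the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above, trimmed to the fields used here.
SAMPLE = '''\
2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sub="confd" name="object changed" class="http" type="profile" objname="Default Proxy" user="scottj" attr_status="0" oldattr_status="1"
2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" client="httpproxy" roles="ANONYMOUS" nodelist="http->profiles"
2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" client="httpproxy" roles="ANONYMOUS" nodelist="http->exceptions"
2010:04:18-16:54:01 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sub="confd" name="object changed" class="http" type="profile" objname="Default Proxy" user="scottj" attr_status="1" oldattr_status="0"
'''

LINE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) (\w+)\[(\d+)\]: (\w) (\S+) => (.*)$')
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Split one confd line into a dict of its key="value" fields plus timestamp and level."""
    m = LINE.match(line.strip())
    if not m:
        return None
    event = dict(PAIR.findall(m.group(7)))
    event["ts"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    event["level"] = m.group(5)  # "I" for info lines, "W" for warnings
    return event

def denials_after_changes(text, window=timedelta(seconds=5)):
    """Pair each PERM_DENIED warning with the last 'object changed' event inside the window."""
    last_change, hits = None, []
    for event in filter(None, map(parse, text.splitlines())):
        if event.get("name") == "object changed":
            last_change = event
        elif event["level"] == "W" and "PERM_DENIED" in event.get("name", ""):
            recent = last_change is not None and event["ts"] - last_change["ts"] <= window
            hits.append({
                "time": event["ts"].isoformat(),
                "client": event.get("client"),
                "node": event.get("nodelist"),
                # (object name, old status, new status) of the change just before the denial
                "after_change": (last_change.get("objname"), last_change.get("oldattr_status"),
                                 last_change.get("attr_status")) if recent else None,
            })
    return hits

if __name__ == "__main__":
    for hit in denials_after_changes(SAMPLE):
        print(hit)
```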